This week marks six months since the last of three compliance deadlines for the New York State Department of Financial Services (NYDFS) Cybersecurity Regulations. As of March 1, 2019, many financial services firms operating in New York state are now required to abide by a new set of cybersecurity standards that dictate how they manage, share, and control access to data.
As the digital economy has grown and changed, cybersecurity has become an integral part of operating nearly any successful business. The Chief Information Security Officer (CISO) is at the forefront of the modern cybersecurity organization, and CISOs have to adapt to the changing times in front of them.
Payment services that operate electronically should adopt technologies that guarantees the safe authentication of the user and reduces, to the maximum extent possible, the risk of fraud. In order to achieve this, the European Union in 2007 passed the Payment Services Directive (PSD). The aim of this legislation is to regulate payment services and payment service providers throughout the European Union (EU) and European Economic Area (EEA).
The British holiday firm, Truly Travels, has admitted to suffering a data breach due to an unsecured Amazon Web Services server. The data in the unsecured AWS server was left open to the internet for over three years, exposing the personal details of over 200,000 customers.
Logs are the cornerstone in today’s cybersecurity monitoring, investigation, and forensics. According to a Fortune 500 report, an organization’s IT infrastructure can generate up to 10 Terabytes of log data per month. In this post, we will learn about log aggregation and monitoring; then analyze how they can help businesses to strength their cybersecurity posture.
The number of fraudulent email circulations seems to grow with each passing day. Scammers use email fraud with the main motive of deceiving users for their gain. This is especially true in the financial institutions where attackers use domain spoofing schemes to send emails to employees or customers.
Sensitive data is information that must be protected against unauthorized access. Access to sensitive data should be limited through sufficient data security and information security practices designed to prevent unauthorized disclosure and data breaches. Your organization may have to protect sensitive data for ethical or legal requirements, personal privacy, regulatory reasons, trade secrets and other critical business information.
A data leak is when sensitive data is accidentally exposed physically, on the Internet or any other form including lost hard drives or laptops. This means a cyber criminal can gain unauthorized access to the sensitive data without effort.
Personally identifiable information (PII) is data that could identify a specific individual. Information that can be used to distinguish an individual's identity from another or be used to deanonymize anonymous data is also considered PII. While PII has several formal definitions, think of it as any information that can be used on its own or with other information to identify, contact or locate a particular person.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. What a week of news this has been, more MageCart, a few large take downs, and some surprising breaches. We start with a first, the first ‘hack’ from space.
